Taking security home could be money in the bank

Many companies use dial-in and VPN connections to keep home-office workers and road warriors happy. Such connections, however, are vulnerable to attacks, unless... IT defenses are extended around remote users' systems.
Written by Steven Vaughan-Nichols, Senior Contributing Editor
Can I be the only one who just spotted a new marketing opportunity for security?

After Microsoft was raided by crackers who broke in through an employee's remote PC and then rode his Microsoft virtual private network (VPN) straight into Microsoft's servers, you'd think someone would've said, "Hey! There's business here." Because no one else seems to have connected the dots, I'll do it for you, and you can send my commission to me care of Sm@rt Partner.

Fundamentally, why was Microsoft cracked? It was cracked because remote sites, a.k.a. its employee PCs, were outside the corporate firewall and viral defenses.

Microsoft isn't the only one, however. Many companies use dial-in and VPN connections to keep home-office workers and road warriors happy. What you can do - listen up, guys, this is where you come in - is extend IT defenses around remote users' systems. It's the only way companies are going to keep their vital information safe and sound these days.

What that means is that you need to put together a suite of personal firewalls and antiviral programs and sell them as a package. That may sound easy, but it's not.

You don't want users simply rolling their own protection with a few guidelines, but I know of at least one company that's doing exactly that. When technology professionals can blow security, do you really want to see how dotty, old George in accounting will handle setting up his firewall?

You'll also want to avoid sending out techs to everyone's home to do it for them. Talk about a waste of manpower. No, what you want to do is give customers a remotely installed and managed customized security package. Given that new viruses will continue to pop up like democrats' voting complaints, the home security system must always be remotely upgradable.

That's a tall order, but if you fill it, all of your old customers, and many new ones, should be knocking on your door.

That's great news, right? But it also triggers another problem. What is your customer's right to install all of this software on its remote users' home PCs? Suppose Josie User thinks the company will not only check her e-mail for a virus, but also for content? That it will virus-scan file downloads, and also display her downloads from www.hot-to-trot.com? Plus, on a practical level, you'd need to support your package on everything from an ancient AT running Windows 3.1 to a Pentium III running SuSE Linux 8.0.

Any way you look at those issues, they've got ugly written all over them. But every problem has a solution, and this one has an additional, profitable one. Don't just sell companies remote-user security packages; sell them complete home-office PC setups of standardized, protected office systems. That, my friends, can be very profitable indeed.

Editorial standards